Dears,
As per my understanding to who external captive portal works in Fortigate: there are certain http parameters that are communicated in the process flow "like the magic parameter and post-to parameter).
I am asking about how this process would affect integrating FAC as external captive portal with different vendors.
Some documents in Aruba states that extneral captive portal should be communicating with the controller with xml api via http post messages to valid user location or send user role.
Also in FAC configuration, when configuring the portal policy, in Portal selection criteria: we have options to match on http parameters available for cisco, fortigate and fortiWLC. Does this mean that we cannot integrate with other vendors?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Regarding the selection criteria you can easily create a new one:
The workflows and the URL information can be found here:
If you can make the Aruba Controller to understand this request you can make it work.
If you have trouble integrating with FortiAuthenticator you can try FortiNAC that does have support for Aruba WLC or InstantAP: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/86372da2-200d-11e9-b6f6-f8bc12...
Hello Emirjon,
Thanks for pointing to the workflows.
I can see that the URL redirection has post=xxx in case of Fortigate and switch_url=xxx in case of cisco WLC.
In a previous forum post, I had learned in a previous forum post that FAC matches the IP/FQND given into the post= or switch_url against the selected APs in the policy.
Thus, I think Aruba should send include a similar parameter in the URL in order for the FAC to recognize the AP ip.
Secondly, Fortigate has a parameter "magic" and cisco has parameter button_clicked. At it seems that FAC is able to include those parameters in the HTML page presented to the client so that when the client submit the API call to the fortigate or cisco, those parameters, the requreid paramteres are included in the API call.
IF special parameters like the above are required in Aruba, is there any way to control the included http parameters that are included in the html login form presented to the client who will then submit it to the controller.
?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1669 | |
1082 | |
752 | |
446 | |
225 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.